Whether it enchants you or terrifies you, cloud computing is rapidly
becoming the can’t-avoid technology for government bodies at every level.
Yet while some continue to watch and wait regarding the cloud, others
are forging ahead with great promise and great early results. This month,
we find out who’s been setting the pace for cloudbusting – and what’s
holding others back.

We talk with the founder of GovCloud, a
local startup aiming to give local councils
a boost into cloud computing.

18 Reinventing government service,
the social way

10

for many government organisations, but
in today’s social age it’s a guiding force
for citizen satisfaction.
24 Paper rules, digital world

Records management may not be sexy,
but it remains incredibly important –
especially as government bodies rush to

SPECIAL FEATURES

30

Customer service is a foreign concept

50

keep up with a flood of digital information.

CASE STUDIES
28 Whanganui District Council

A New Zealand local government has
built a robust system for managing
critical records – even digital ones –
throughout their lifecycle.

46 Shared-services benefits flow in Tasmania

Tasmanian water-authority sharedservices provider Onstream was
operational just four months after its
creation was ordered. Here’s how.

48 How Mitchell Shire went mobile

BOSTON ACCENT: MASSACHUSETTS STATE CIO
JOHN LETCHFORD
John Letchford has long been a champion of
progress in a climate of change. But how do you
turn around a state’s IT infrastructure despite
fierce politics and severe budget cuts?

ROUNDTABLE: CLOUD COMPUTING
It’s difficult to cover all aspects of the cloud all in
one conversation. But that hasn’t stopped GTR
from trying. This month’s roundtable brings together
a cloud provider, a telecoms provider and a security
provider as we search for meaning in the cloud.

A dual-pronged approach to GIS at
Mitchell Shire Council has boosted
accessibility for both ratepayers and
mobile-wielding staff.

GTR SEPTEMBER 2012 | 1

Cloud. Cloud, cloud, cloud, cloud, cloud.
There – Page two and you’ve already been inundated with talk about
the cloud. If you’re involved in IT in any capacity it’s probably not the first
time you’ve heard the word today and it won’t be the last.
There’s a reason for that, of course: the potential delivery of both commodity
and mission-critical information services through a consistent, online interface
represents the fulfilment of years of vision around systems portability and
information access. Cloud vendors are ready to bust silos and take names.
But are you? If you’re working in government, odds are that you’re still at the
toe-dipping phase. Persistent issues around information governance, security, data
sovereignty, and more have maintained a high level of drag on cloud efforts.
Thankfully, resistance is steadily decreasing. A growing domestic
industry is addressing concerns about data sovereignty and infrastructure
resilience, while the work of AGIMO is normalising cloud models and
providing frameworks by which Commonwealth government agencies can
reliably assess and engage cloud providers.
State governments are embracing commodity cloud services such
as email for certain applications, while tipping ever-growing masses of
government data into cloud-based systems that remove the need to invest in
systems scalable enough to service a user base of millions.
Balancing the desire to capitalise on the cloud with the reality of
government information practice has proved crucial for the likes of John
Letchford, the well-regarded CIO of one of America’s most progressive
states, whom I had the pleasure of meeting during a recent trip to Boston.
Even local governments are getting in on the fun thanks to the likes
of GovCloud, a cloud services facilitator with whom we speak this issue.
And if that’s not enough cloud for you, we’ve brought together several
stakeholders to discuss cloud matters for our regular roundtable.
This issue also addresses the challenges of the new customer service –
particularly in the context of an increasing social-media awareness across
government bodies – and looks at the challenges facing government agencies
as they work to embrace the new paper-and-digital recordkeeping world.
My own desk is a microcosm of this challenge, featuring both neverending piles of paper and a computer with more digital information than I
can ever seem to keep up with. Paperless office, my foot: juggling paper bits
and terabytes is just a fact of life in the 21st century.

ACT launches open data site
and transparency of government,” wrote
Mike Chisnall, executive director of the ACT
Government’s Government Information Office
(GIO), on the GIO’s blog (gio.act.gov.au).
Chisnall said the platform would
encourage the “innovative application of data
by individuals, businesses and government”
and promote collaboration with the ACT
Government to develop innovative servicedelivery solutions.
When GTR checked, the 57 available
data sets included bus routes and timetables,
Late August saw the debut of the Australian
Capital Territory government’s open-data site,
dataACT, as a repository for all kinds of data
from a broad range of sources.
The project has been developed by the ACT
Government Information Office and Shared
Services ICT, and incorporates extensive backend integration to ensure that individual agencies
data sets are continually kept current in the
dataACT repository through automatic updates.
Around one-third of the data comes from
static files that have been collected as part of
the effort; another third are ACT Government
RSS feeds; and the remaining third are regularly
updated from a variety of data sources.
“We hope dataACT will present
significant value to the ACT community and
government through improved accessibility

bus stops, ACT school locations, electoral
boundaries, ACT Supreme Court judgments,
ACT job details, ACT NAPLAN scores, and
even the location of European wasp nests.
More data sets are on the way, Chisnall said.
“We have a dataACT Roadmap to integrate
more datasets,” he added. “We have gone with
the philosophy of release early, release often.”
dataACT users can access data in a range
of formats including RSS, XML, CSV, XLS and
others. It includes built-in visualisation tools
that make the data accessible to the general
public as well as to data scientists; these
visualisations can be embedded into other sites
using readily available code.
The site also includes discussions that
are designed to foster the spirit of community
around the open-data initiative.
See data.act.gov.au for more information.

New Vic DSE site is for the (angry) birds
It may not seem to have the gravitas of a
major e-government project, but Victoria’s
Department of Sustainability and the
Environment (DSE) has nonetheless taken the
wraps off of a crowdsourced site that aims
to collate details on the locations of territorial
magpies and other birds across the state.
DSE, which gets hundreds of reports of
swooping bird attacks every year, has launched
the portal to help citizens plan their walks to
avoid the nesting birds. Bird locations are
overlayed on a Google Maps page on which
reported attacks have been categorised by the
garden in which they occur.

The effort includes a social-media aspect
with Twitter account (@DSE_Vic) and hashtag
(#swoopvic) supporting the Web site, which
can be found at bit.ly/nAA8Sd.

Rackspace vows
sovereignty in
Australian cloud
debut

Massive hosting and cloud-computing
operator Rackspace will open its first
Australian data centre, in Sydney, before
the end of the year as the company gears
up to bolster its presence in the growing
local cloud-computing market.
The new facility – located in Erskine
Park, west of the city – will give Rackspace a
local footprint to support dedicated hosting
and managed virtualisation solutions. It will
support VMware virtual-server environments
extensively, as well as offering a platform
for customers interested in Rackspace’s
OpenStack-based Open Cloud platform
(www.rackspace.com/cloud).
Rackspace bowed in the region in
2009 but the multi million-dollar facility –
planned along with partner Digital Realty
and intended to offer a raft of security
certifications including SSAE16, PCI and
ASIO Intruder Resistant – represents a
major increase in its profile, which includes
similar facilities in Dallas, Chicago, Virginia,
London, and Hong Kong.
It’s also an opportunity for privatesector and government customers looking
for a new option when choosing a base for
their private-cloud initiatives. Rackspace
is playing the data-sovereignty card hard,
offering a written guarantee to customers
that their data will not be transferred “to a
law enforcement agency of another country
(including the United States) without a
customer’s consent unless it is compelled
to do so by Australian law.”

GTR SEPTEMBER 2012 | 3

Australia second in world on global cloud-computing scorecard
Australia has come in second in the world, behind
only Japan, in a Business Software Alliance (BSA)
survey of world economies’ preparedness to
support the growth of cloud computing.
The BSA’s 2012 Global Cloud
Computing Scorecard (available at
portal.bsa.org/cloudscorecard2012)
rated 24 countries, which account for 80
percent of the global ICT market, on seven
key criteria including data privacy; security;
cybercrime; intellectual property; standards
and international harmonisation of rules;
promotion of free trade; and ICT readiness
and broadband deployment.

Australia scored an aggregate 79.2,
pipping Germany (79.0), the US (78.6)
and France (78.4) but falling several points
behind Japan (83.3). Australia outscored
every country except Korea when it came to
intellectual property protection, and joined
only Malaysia and India with a perfect 10.0 in
standards support.
Australia’s security score of 6.0 matched
that of Argentina but fell behind Russia, Spain
and Germany (6.4) as well as the US, France
and Italy (7.6), UK (8.0), and Japan (8.4). And
its 7.9 in data privacy was second only to
Japan, with an 8.8 score.

New Zealand was not included, while
China, Thailand, Vietnam and Brazil filled out
the bottom of the list.
Interestingly, BSA warned against
the imposition of policies that might hold
back the development of a global cloud
economy – and named the growing trend for
governments to impose “overly restrictive
legal interpretations to keep some data within
national borders”. This sounds at odds with
the growing push amongst government bodies
for ‘data sovereignty’ controls that would keep
government information within Australia’s
borders as a strategic goal.

New Zealand embraces cloud productivity tools
New Zealand’s government has taken a big step towards
cloud computing after it was revealed the country’s Internal
Affairs Department is about to issue a tender for “onshorehosted cloud-based office productivity services” that will
significantly boost the government’s cloud involvement.
The tender – which covers standard productivity tools
like email, word processing, spreadsheets and presentation
software – reflects a growing trend towards ‘cloud first’
directives for NZ government agencies.
“This is expected to drive the standardisation of
technology solutions and services,” Internal Affairs
minister Chris Tremain said in a statement, “but does
not necessitate the selection of only one solution for all

4 | GTR SEPTEMBER 2012

agencies…. Cloud technologies can significantly change
the way the public sector operates, enabling the provision
of better public services for all New Zealanders.”
NZ’s ‘cloud-first’ approach was warmly welcomed
by Ovum analyst Steve Hodgkinson, who argued in a
research note that the country’s progressive approach to
cloud computing contradicted the Australian government’s
more conservative policy position – which, he said, “while
also aiming to promote cloud adoption, is actually more
focused on the supposedly new risks and issues of cloud
services….significant barriers to cloud adoption are deeply
embedded in the twentieth-century ICT procurement
policies and practices of agencies.”

Australia’s most progressive local and state governments
and federal agencies have been powering their decisions
with ArcGIS solutions for over 34 years.
An Esri Australia ArcGIS solution...
• Predicted the likely impact of the 2011 floods for Brisbane City Council – before the event fully unfolded.
• Streamlined the City of Bayswater’s key internal processes, reducing land reporting requests from 12 days to 5 minutes.
• Ensured Queensland Fire and Rescue deployed personnel and resources with unprecedented precision – increasing
lives and property saved.
• Enabled SA Department for Families and Communities to streamline asset auditing of remote aboriginal
communities using the latest mobile technology.

Local governments still finding way on social media: report
A survey of 225 local government bodies
has found local councils are still coming
to grips with social media and its risks
and opportunities to change citizen
service delivery.
The report, entitled Using Social Media in
Local Government, was prepared by University
of Canberra research associate Anne Howard
and local government associations of SA, WA,
Tasmania, Victoria as well as NZ’s Northland
Regional Council.
A survey response rate of 50 percent
suggested “a sector already grappling with
the implications of social media and, in many
cases, looking for support and direction to fully
understand the opportunities offered by social

media,” the authors concluded.
Only one in five respondents said they
understood social media very well, with 37
percent reporting that they understand it “quite
well” and 43 percent did not have a good
understanding of the medium.
Just six percent said they were “leading
the sector” in social-media use, while one in six
councils was planning to use social media but
had not yet started to do so. Only 14 percent
said they were not planning to use it at all.
Formal policies for social media were
popular, with 50 percent of councils developing
and 26 percent already using such policies. Fully
half of councils reported staff were prevented
from using social media at work, while only 27

percent had introduced policies preventing staff
from making social-media representations that
might reflect on the organisation or industry.
Despite the prevalence of low socialmedia experience, only 21 percent of councils
had provided social-media training for staff
and only 9 percent had trained their elected
representatives to use the channel.
The full report is available at
bit.ly/LLRrmG.

Victoria policies boost access to state data Brisbane searches for
digital ‘champions’
for digital planning
Victoria has joined the growing list of Australian
jurisdictions making large volumes of government
data available to the public, after assistant
treasurer and minister for technology Gordon
Rich-Phillips recently launched new DataVic
Access and Intellectual Property policies.
Calling the open-data project a “long
overdue stimulus”, Rich-Phillips expected the
availability of large volumes of government data
through the state’s open-data site –
www.data.vic.gov.au – would produce a
windfall in innovative applications.
The policy explicitly sets out the types of
data to be made available, which ranges from
audio and video to images, graphics, maps,
geospatial and other data. It includes five
guiding principles:
1. Government data will be made available unless
access is restricted for reasons of privacy,
public safety, security and law enforcement,
public health, and compliance with the law.
2. Government data will be made available
under flexible licenses.
3. With limited exceptions, government data will
be made available at no or minimal cost.
4. Government data will be easy to find
(discoverable) and accessible in formats that
promote its reuse.

6 | GTR SEPTEMBER 2012

5. Government will follow standards and
guidelines relating to release of data and
agency accountability for that release.
Agencies may, under limited
circumstances, commercialise or charge for
data on a cost-recovery basis.
The DataVic Access Policy will be
progressively implemented through September
2013, as all state government agencies ramp
up to supply data sets for access through the
portal. Agencies are expected to have their
data ready for publication by December.
Key milestones include the development
of mandatory standards and guidelines to
support the principles (November 2012);
dataset availability through the portal (TBD);
and interim progress reports to be delivered to
Rich-Phillips in March and December 2013. A
full review of the policy’s effectiveness will be
conducted for delivery in June 2014.

Brisbane City Council (BCC) is scouring
through the area’s 50,000 businesses for
champions to be involved with a collaborative
effort to flesh out and promote the city’s digital
strategy, due for release by year’s end.
That strategy will cost over $1m to develop
and is set to begin implementation next year
after the city’s Economic Development Plan
2012-2031 highlighted the importance of digital
technologies to long-term growth in the region.
Newly appointed chief digital officer
Kieran O’Hea is driving the city’s efforts to
boost technology uptake in the region and fill
out Brisbane’s technological nous.
Efforts to identify and engage business
‘champions’ will see 25 early technology
adopters identified during a large-scale
survey of some 500 businesses’ use of digital
technology. BCC will offer consultancy
services to help those organisations fill
out their own digital strategies as it ramps
up its own efforts to stimulate growth
by encouraging the adoption of digital
technologies of all sorts.

Govt disclosure survey shows agencies’ broad IPS compliance
A survey of government Information Publication Scheme (IPS) compliance has
delivered “pleasing” results to the Australian Information Commissioner (AIC),
Prof John McMillan, after it was found that the majority of surveyed agencies
had published a formal IPS Plan.
Some 191 of 245 agencies responded to the survey, which was
designed to measure compliance with a policy introduced on 1 May 2011
that mandated agencies to publish a range of disclosure-related information
and documents on their Web sites.
Agencies must address a number of planning steps including
publication plans, internal governance arrangements, community
consultation, and a review of the IPS’ operation within five years of its
commencement. The new survey reflects the first of two planned audits into
the scheme’s effectiveness.
The survey found that nearly all agencies have published their IPS plan;
over 85 percent publish the required categories of information on their Web
sites; 94 percent publish operational information explaining how they make
decisions that affect members of the public; and 93 percent have appointed
a senior officer to manage IPS compliance.
The full report is available at bit.ly/MBJf9G.

Government security body holds first exams
The first candidates for the Commonwealth
government-backed CREST Australia security
certification sat their exams at the end of
September, heralding a new standard in
application and infrastructure security.
The introduction of the CREST (Council of
Registered Security Testers) certification was
announced in March, borrowing from the fouryear-old British Council of Registered Security
Testers certification.
The British standard has been adopted
by UK government peak information-security

body the Communications-Electronics
Security Group, while CREST was brought
to Australia with the blessing (and funding) of
federal Attorney-General Nicola Roxon.
The examinations are intense and
consist of two primary areas. Infrastructure
Certification Examination assesses
candidates’ ability to conduct operatingsystem security assessments, while the
Web Application Certification Examination
evaluates their ability to find vulnerabilities in
online applications.

CREST certification will finally give private
and government companies an enforceable,
meaningful attestation of the capabilities of
contractors they engage for security-related
matters. See www.crestaustralia.org.au for
more information.

Australia may adopt NZ cloud code of practice
There are indications that the National Standing
Committee on Cloud Computing (NSCCC) will
endorse a derivation of a New Zealand industry
code of practice that facilitates the process
by which cloud providers describe and market
their capabilities.
First released in May, the New Zealand
Code of Practice for Cloud Computing –
known as ‘CloudCode’ (www.nzcloudcode.
org.nz)– is an initiative by the Institute of IT
Professionals and has the support of financial
contributors including Xero, Gen-I, Equinox,
Google, Salesforce.com, InternetNZ and
other bodies.
Its goal is to boost trust in cloudcomputing offerings, with seven key guiding
principles including not reinventing the
wheel; consistency with global practice and

8 | GTR SEPTEMBER 2012

standards; a research-based, non-arbitrary
approach; facilitation of development
with wide consultation; preference for a
consensus-based result; clear separation
between governance of process
and development of code; and
compliance and assessment.
Compliance is voluntary but those who
comply will do so with the attestation that
they have met a minimum definition of what
‘cloud’ services are; offer public disclosure
statements and promotion of the code; not
market services as ‘cloud’ unless they meet
minimum definitions; be registered on a
public register of compliant cloud providers;
use standardised nomenclature to describe
services like backup, SLAs, geographic
diversity, and other terms.

Media reports have suggested NSSCC
is set to endorse a largely derivative version
of CloudCode in Australia – raising concerns
by some that the move could parochialise
cloud definitions within Australasia even
as similar global bodies work on far more
comprehensive service-definition frameworks.
For example, earlier this year the University
of Melbourne, National Australia Bank, defence
supplier Lockheed Martin and other local
organisations highlighted the progress of the
300-strong Open Data Center Alliance (ODCA,
at www.opendatacenteralliance.org) in
defining business-oriented ‘usage models’ that
specify specific constructs and behaviours for
cloud providers.
Download the code from
nzco.mp/cloudcode.

US cloud-data powers overstated: Microsoft
Concerns that the US government can
arbitrarily access Australian organisations’ data
– a widely-cited fear of many would-be cloud
adopters – are incorrect, Microsoft technical
evangelist Rocky Heckman told attendees of the
company’s recent Tech.Ed technical conference.
“People think, and governments have been
accused of mis-assuming this, that there is a
law that says you cannot host data outside of
Australian territorial boundaries,” he is reported
as saying by industry journal ZDNet Australia.
“There isn’t one – that law does not exist.”
It’s not the first time Microsoft, which has
spruiked its Azure platform-as-a-service (PaaS)
offering to governments and commercial
organisations worldwide, has come out swinging
against perceptions about data sovereignty.

Microsoft, which delivers Azure-based
applications to Australian customers from a
facility in Singapore, has been staring down
the barrel of Australian data sovereignty debate
for some time but has so far not set up an
Australian data centre to extend Azure here.
Despite Microsoft’s assurances that
data sovereignty is no issue, many Australian
government organisations retain their
concerns. “The cloud as a black box is
probably not going to happen for a very, very
long time in health,” NICTA health business
systems team leader Dr Leif Hanlen told a
recent big-data conference in Melbourne,
responding to a question about whether
government-backed e-health systems would
ever embrace cloud models.

“The simple problem in health data is that it’s
not allowed to leave the country. And you couldn’t
realistically force a cloud supplier to build a data
centre in Canberra or some other state.”
Heckman, for his part, argued that
Australian cloud providers don’t even have to
notify customers if they hand over customer
information to the police or other legal
organisations – and said they can “volunteer that
information if they suspect you may be naughty.”
“The US doesn’t even let you do that,”
he added, noting that US authorities require
a court order that can only be facilitated, not
suborned, by the Patriot Act. “This whole thing
about data sovereignty is largely perception:
we need to get over the perception we have a
data-sovereignty problem.”

GTR SEPTEMBER 2012 | 9

D

ATA CENTRE

it’s coming
for YOU!
Story by Beverley Head

10 | GTR SEPTEMBER 2012

“If you talk to the average
executive in the public sector,
their general reaction is
the cloud is evil, immoral
and dangerous.”
It may be taking
the private sector
by storm, but cloud
computing’s adoption
by government
bodies has been
victim to the stricter
governance and
risk-management
frameworks they
live by. However,
that doesn’t mean
government is
shunning the cloud
completely; as
Beverley Head finds,
in some parts the
clouds are already
settling in.

When NSW Trade & Investment announced
in July that it had signed a three year $14.5
million deal with SAP for a cloud based services,
expected to deliver $12.5 million worth of
savings each year, it heralded a new era in
government cloud computing.
Here was an agency prepared to hitch its
computing cart to a third party cloud located in
Germany – and to set a savings goal.
NSW’s cloud perestroika was hinted at in
May with the release of the State Government
ICT strategy in which NSW CIO Michael
Coutts-Trotter noted governments’ relative
lateness to the cloud compared to the private
sector. That, however, was ending, he said as
NSW embraced cloud to “drive cost efficiencies
and free up resources to be targeted at new and
better services for citizens and business.”
It’s hard to think of any level of government in
Australia that can afford to overlook such promise.
Federal government has taken some tentative
cloud computing steps: the Australian Electoral
Office used a Fujitsu cloud for its tally room in the
2010 election; the Department of Finance hosts
data.gov.au in Amazon’s cloud; and the Australian
Maritime Safety Authority uses a Salesforce.com
cloud to manage shipping information.
The Feds’ main cloud contribution, however,
has been thought leadership. In 2011, the Defence
Signals Directorate released Cloud Computing
Security Considerations, essentially a cloud
checklist for public sector organisations. In
August, the Australian Government Information
Management Office (AGIMO) released an
update of its guide A Strategic Approach to Cloud
Implementation, intended to help agencies develop
and implement cloud solutions. It also released the
final version of its community cloud governance
report and, in October, is expected to release its
list of approved Data Centre as a Service (DCaaS)
providers for contracts up to $80,000.
To roughly précis their contents: agencies
can use clouds where they provide value for

money and adequate security, but overseas
clouds should be avoided for anything other than
publicly available information.
Dr Steve Hodgkinson, Ovum’s research
director for IT in Asia Pacific, still maintains
that “if you talk to the average executive in the
public sector, their general reaction is the cloud
is evil, immoral and dangerous. Evil because it’s
unproven, immoral because it’s often offshore and
dangerous because of the privacy and security.”

Toes in the water
Rather than worrying about what might happen,
he thinks public sector organisations should just
dip their toe in the cloud and get started.
It’s what the states are doing, he says: “The
Department of Business and Innovation in Victoria
used Salesforce.com (for grants administration) and
delivered on schedule and ahead of budget. They
weren’t comfortable that the data was offshore but
they decided to work the conundrum.”
A former deputy CIO of Victoria,
Hodgkinson says that contrasts sharply with
his experience of trying to build a grants
administration system for the state. “That cost
$10 million, took three or four years to deliver
and there was one application which is barely
used. Now in less than six months they absorbed
all the grants administration into Salesforce.”
“It shouldn’t come as a surprise to anyone –
Salesforce is a shared service shared by 100,000
organisations around the world – there are no
security issues and they have access to a platform
which is functionally developing in an iterative
fashion.” Hodgkinson says the Victorian
implementation is at one level an example of
world’s best procurement practice.
Fujitsu’s general manager of cloud, John
Kaleski, says that there’s a typical hierarchy
of cloud adoption for new users. “Typically
our customers look at putting their low risk
workloads to the cloud – test and development
– pure infrastructure as a service,” he explains.

GTR SEPTEMBER 2012 | 11

D

ATA CENTRE

“In states, the interest is pretty universal,
while in federal it’s around the smaller
agencies where the budget constraints they
are under are quite significant.”

“Once they feel comfortable then the look to
leverage more software, or productivity as a
service then it’s management as a service, then
mobile device management.”
Dave Hanrahan, general manager of cloud
services for Dimension Data, agrees with Ovum
that the states are leading the charge to the
cloud. “In states, the interest is pretty universal
while in federal it’s around the smaller agencies
where the budget constraints they are under are
quite significant.”

12 | GTR SEPTEMBER 2012

Parochialism or concern?
Local government, on the other hand, appears to
be lagging: “Although they are at one level most in
need, they don’t want to be first,” Hanrahan says.
Hodgkinson agrees: “Local government are
the tier of government that can most benefit
but paradoxically are having the least to do with
cloud – why is still something of a mystery.”
One barrier in the past may have been the
lack of specialist local government focussed
software offered as a service, although some
is now emerging.
In August, for example, GovCloud – which
was set up by the Local Government Association
of Queensland (see page 16) – announced that
it had rolled out a cloud based solution for five
local Governments in response to the Natural
Disaster Resilience Program funded by the
Commonwealth and Queensland Governments
as a response to the 2011 floods and cyclones
which cut off communications at a local level.
There are other examples of local councils
embracing the cloud: Logan City Council is
exploring how to put its infrastructure data
into an accessible cloud; Open Windows
is running cloud based contract lifecycle
management with a handful of local councils;
and the Torres Strait Island Regional Council
has opted for an Infrastructure as a Service
cloud solution from Telstra.
However, in the main the states are still the
prime movers on cloud.
Hanrahan says there are a number of requests
for state cloud proposals currently in the market.

He acknowledges, however, that the states can
also prove fiercely parochial about the cloud. “In
Queensland there is very much a desire to keep all
ICT in the state where that is possible,” he says.
It’s the same in Western Australia, adds
Fujitsu’s Kaleski. “Typically state governments
are quite parochial. I would say WA is possibly
the most parochial about having their data on
this (Perth) side of the Nullarbor.”
In August Fujitsu, which has had an
Australian instance of its cloud service available
since 2010 from two Sydney data centres,
announced plans to host an instance of the cloud
in Western Australia. The company has had a lot
of interest from the WA government, according
to CEO Mike Foster.
“We were at the stage where there was
demand but no volume,” he explains. “Now we
have demand and volume. The reason the local
cloud was successful is that they want to use the
cloud’s elasticity – but they want to know where
their data is. We’ve sold that hard.”
Rackspace, which in August announced it
would offer a locally based version of its cloud
services, also stresses the data sovereignty issue,
saying that government and financial services
want locally based services.
The company’s general counsel, Alan
Schoenbaum, also made an extraordinary
commitment given the strength of the US
Patriot Act, explicitly saying that “Rackspace
will not transfer customer owned data from
our Australia data centre to a law enforcement
agency of another country (including the United

States) without a customer’s consent unless it is
compelled to do so by Australian law.”

Jurisdictional control
Data sovereignty and privacy are core issues
for the public sector as under national and
state recordkeeping legislation public sector
agencies must keep tight rein on their data. The
National Archives has issued a paper covering
records management in the cloud, as have some
of the states.
Amanda Barber is manager of government
recordkeeping at State Records NSW and
says that all jurisdictions considering a move
to the cloud need to understand the need
for common platforms, common services,
common applications and a standard approach
to information management in a well
regulated environment. Without this even
more inaccessible information silos could be
generated in clouds.
Technically it’s illegal to store a NSW State
record outside of NSW (a record is defined
very broadly as evidence of a transaction). But
aware of the cachet of the cloud, State Records
developed a framework which allows agencies to
sign up for cloud as long as proper information
governance and strategies are in place, and
contract terms and conditions are appropriate
and well managed.
Kate Cumming, project officer for NSW
government recordkeeping, believes that the
approach will eventually improve information
governance. “People keep assuming that we can
push information to the cloud and run Google
over it but we can’t. We need to be strategic about
the data we are keeping.”
She adds that agencies need to understand
the need for information sustainability and

discoverability, and how information might
be recovered if a cloud contract lapses. “People
think it’s simple but it’s not,” she says.
Jo Stewart-Rattray, Melbourne based
international vice president of IT governance
organisation ISACA, says public sector
organisations need to know what jurisdictional
control their information will be subject to,
where it will be held, who their cloud co-tenants
might be, what protections will be in place,
and how data will be backed up. “All of that is
heightened in government.”
In August, ISACA released a report on
cloud computing return on investment and last
year released IT Control Objectives for Cloud
Computing, intended to help mitigate risk
associated with the move to the cloud.
Barber and Cumming say that they don’t
want to inhibit cloud computing; both can
see the benefits, especially during government
reshuffles. At present reworking agency data
when the agency is reformed can be “horrifically
complex” according to Cumming. If data was
held in one cloud based location, it could be
simpler to implement change says Barber.
Cloud based information could also
radically change the sorts of services that could
be provided to citizens or residents. Dimension
Data’s Hanrahan expects that many citizenfacing services – which have been challenging to
deliver because they have always had to be scaled
to handle massive potential demand from day
one – could be developed in the cloud and scaled
in lockstep with demand.
It’s scale and sovereignty issues that make
Federal government slower to embrace cloud,
according to Steve Hodgkinson. The states are often
more desperate and less well-resourced, he argues,
which has driven them to the cloud earlier.

“The feds have a greater capacity to do
it themselves. Look at Centrelink, which is a
successful and robust ICT shared service that
performs miracles when required. I don’t really
have faith that the cloud will get any sort of
traction in those mission critical heavyweight
environments. But that’s not the sweet spot for
cloud services anyway – the sweet-spot is in more
commoditised markets.”
Scott Wallace, acting first assistant secretary
in the policy and planning division of AGIMO,
says cloud is essentially a new service model, and
a procurement decision for agencies. “Cloud
provides opportunities in terms of greater
flexibility and service provision, and can be faster
to develop and can lead to cost savings,” he says,
but notes that for any agency “ultimately it’s a
decision based on a business need.”
Ricardo Centellas, OFM sales consulting
director for cloud platforms at Oracle, says that
it is the communities, or cloud clusters, that are
generating most interest in the federal public
sector. Wallace says community clouds will exist
where there are common business needs, but
also notes that there will continue to be “robust
debate” about what is truly a community cloud,
and what is merely “cloud-like.”
Semantics aside, it is the pragmatic
requirements that will dictate how and when
public sector organisations migrate to the cloud.
The Department of Education, Employment and
Workplace Relations, for example, is working on
a whole of government parliamentary workflow
solution that will be provided to 40 agencies,
which has some cloud characteristics.
While purists may baulk at describing the
solution as true cloud, it’s an approach that
should deliver benefits – and for cloud that’s the
bottom line.

WINan

compliments of GTR magazine

Fill out the GTR Readership Survey and you could
win a 16GB WiFi iPad 2. Go to www.govtechreview.com.au
and click on the ‘Win an iPad2’ banner. Terms & Conditions apply

GTR SEPTEMBER 2012 | 13

D

ATA CENTRE

CLOUD ANATOMY
back up

analysis

information

security

A N A T O M Y

O F

A

C L O U D

D E A L

NSW Deputy Premier and Minister for Trade & Investment, Andrew Stoner, has described his department’s cloud
computing deal with SAP as a “potential model for other agencies.” Certainly it’s going to be one of the highest profile
cloud deployments in the public sector.
Government Technology Review asked David Kennedy, the Department’s chief information and chief technology
officer about the initiative.
Q: Why cloud?
A: This innovative approach will take less time to implement, reduce the need for investment in new hardware and
better position NSW Trade & Investment for disaster recovery and future departmental realignment.
Q: What about the challenges associated with data sovereignty and security?
A: Data and information control and security were of paramount importance and consideration with regards the chosen
solution. SAP follows operating best practices for data centres and data control which includes compliance with
internationally recognised regulatory compliance certifications, including: SAS-70 Type II Audit, SSAE 16 Type II Audit,
ISAE 3402, ISO 27001.
The concerns in relation to offshore holding and processing of our data were assessed and managed as part of
our overall risk based evaluation. Data contained within the ERP system is not classified or protected and the most
sensitive information was identified as staff payroll and HR related data. Sensitive HR / Payroll data is held exclusively
in Australia, with only a subset passed to the foreign data centre sufficient to allow full function.
Foreign hosted data with SAP in Germany is subject to EU Data protection directives and is not hosted in the
US or by a US parented entity. All tender responses with foreign hosting components were required to address
repatriation of data both on a routine ongoing basis and at end of contract.
Q: What about the benefits?
A: This new single integrated enterprise resource planning system will be the backbone for finance (including
budgeting, accounting, assets and reporting), purchasing and procurement, human resources (including leave
management) and payroll for the organisation. The scope of the project is to consolidate four existing SAP ERP
installations and multiple Aurion instances across multiple agencies and transaction processing centres into a new
single integrated enterprise resource planning system.
While we have committed to a very demanding timetable in terms of delivery, the solution will be operational by
December of this year.
Q: How will you roll this out?
A: The transition and consolidation project is underway, the project will be completed in two parts, with initial
consolidation of the core agencies (Former Industry and Investment NSW, Office of Water, Marine Parks Authority, Crown
Lands, Arts NSW, Destination NSW, Food Authority, Office of Liquor, Gaming and Racing, Independent Liquor Gaming
and Racing Authority, Soil conservation services) within the department on to the platform by the end of this year.
The other NSW Trade & Investment cluster agencies (the cultural institutions – NSW Art Gallery, NSW State
Library, Australian Museum and Powerhouse Museum) will be on board by June 2013.
Q: How might cloud impact the sorts of services you are able to provide (both internally and to your
external clients)?
A: Although this SaaS solution is an internally focused system, we will be able to provide improved self service
capability for all our staff located in over 220 offices throughout NSW. The integrated functionality with mobile devices
will enable staff who often work out on the field to be fully connected and functioning. It will facilitate our staff being
able to deliver better services to clients.
The identified savings from this initiative will enable government to reallocate those resources to front line service delivery.